Cryptography Spam

I think this is a first.

Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can be forgery. The virus can get into your computer. Most not pleasant, what none, cannot give you guarantees, safety.

But, this disgrace can put an end.

I have developed the program which, does impossible the fact of abduction of a passwords, countersign, and personal data of the users. In the program the technology of an artificial intellect is used. As you cannot, guess about what the person thinks. As and not possible to guess, algorithm of the program. This system to crack it is impossible.

I assure that this system, will be most popular in the near future. I wish to create the company, with branches in the different countries of the world, and I invite all interested persons.

Together we will construct very profitable business.

Posted on June 30, 2009 at 1:36 PM • 52 Comments

Comments

JohnJune 30, 2009 1:56 PM

Well, I have to partially agree with him on one point.

".... you cannot, guess about what the person thinks....."

I certaintly can't guess what that person is thinking. Or for that matter, if he's thinking at all.

KerubJune 30, 2009 2:26 PM

".... you cannot, guess about what the person thinks....."

I remember of a sci-fi novel where someone was specialized in guessing passwords. He studied the target person way of life and other everyday life details and came out with the right password.

he did it guessing what the person thinks.

I think that is possible.

spJune 30, 2009 2:26 PM

@JB: Every year, there's a surplus of punctuation that goes unused by people constructing e-mail messages, participating in online chat, and so on. Good on this spammer for trying to use up some of that wasted punctuation. With more spammers like her or him, we can finally eliminate the mountains of wasted punctuation the government has dispose of ever year.

Oh, and it's "grammar".

MarkJune 30, 2009 2:36 PM

@Kerub: You might be thinking of "Dogwalker", a short story by Orson Scott Card (http://en.wikipedia.org/wiki/Dogwalker)

Alan PorterJune 30, 2009 2:43 PM

How are you gentlemen !!
All your base are belong to us.
You are on the way to destruction.

You have no chance to survive make your time.
Ha ha ha ha....

JohnJune 30, 2009 2:56 PM

@Kerub: I remember of a sci-fi novel where someone was specialized in guessing passwords

Yep, I seem to recall the same story. Also used a bit of biometrics. Unfortunately, the guesser entered the correct password on the 1st attempt.

MilanJune 30, 2009 3:05 PM

@Kerub and John,

I think it's Orson Scott Card's "Dogwalker" that you remember, from his collection Maps in a Mirror.

spaceman spiffJune 30, 2009 3:31 PM

Talk about Tales From The Crypt! Back in the early 80's I was positing the possibility of using keystroke patterns of timing to authenticate users. No password necessary. Just display a random phrase (about 100 characters) for the user to type into the system, and the system can analyze the typing patterns of the user to determine if they are who they say they are. The main problem is what to do when you have broken your wrist and have to type single-handedly... :-)

SuzanneJune 30, 2009 3:37 PM

Milan! What a wonderful idea... spam poetry! A lot of it does read like worded versions of modern art.

OojiwahJune 30, 2009 4:07 PM

Hahahahaha! You tiny FOOL! Your ecommerce fraud fu is clearly inferior to my secret protection of end-users technique! Hahahahaha!

MailmanJune 30, 2009 5:13 PM

@Daniel Franke - I am assuming that it is someone who sent a message specifically to Bruce Schneier, and perhaps a few other crypto gurus, asking them to become a business partner.

Regardless of whether it was sent in bulk or not, this should be considered spam by its recipient. It's an unsolicited business proposal, just like the "first DEC spam" of 1978.

Daniel FrankeJune 30, 2009 6:06 PM

@Mailman: If that's the case I'm surprised it's a first. I've gotten much crankier stuff than this in my inbox, and obviously I'm a lot less famous than Bruce.

NostromoJuly 1, 2009 1:04 AM

Dear Sir,

My associates and I wish to invest $50 million (fifty million US dollars) in your wonderful company.

Please confirm your bank account details by wiring $100 to my bank account in Lagos, Nigeria. When we receive it and are able to confirm your bank details, we will immediately wire you the $50 million.

mooJuly 1, 2009 2:11 AM

@Bruce:

Did you receive this in your e-mail? Since you are a well-known authority on cryptography, isn't it more likely that this is an elaborate troll played against you, than an actual randomly-targeted spam?

..I am assuming of course, that millions of other people are not receiving the same message. Since spam filters eat 99% of them and us humans seldom read the rest, my assumption could be wrong.

IanJuly 1, 2009 2:23 AM

Are you sure that this isn't just spam steganography? That's the first thing I though of when I saw the title...and then the message.

Kurt SeifriedJuly 1, 2009 3:05 AM

@moo

actually I forwarded it to Bruce (June 24th), I found it highly amusing, didn't expect him to post it (maybe more people sent him copies, maybe it tickled him, etc.). Either way it rates in the top 100,000 weird spam I've received =).

roehmJuly 1, 2009 3:37 AM

another types of overflow that occur in minds that shows the "overconfidence" and "overirrational" as the side effect, or main effect, probably

MentalPasswordSafeJuly 1, 2009 3:39 AM

``As you cannot, guess about what the person thinks. ... This system to crack it is impossible."

I think he is suggesting we all use pass phrases.

qwertyuiopJuly 1, 2009 3:52 AM

Let's leave aside for a moment the fact that this is almost certainly a con. Clearly the person who wrote this message didn't have English as their first language and several commenters here have taken great delight in ridiculing the almost incomprehensible prose. I would just like to pose them a question: how well could YOU write something in another language? Several of you can't even spell or write grammatically correct English! (And no, I don't claim that my English is perfect!).

Tom WelshJuly 1, 2009 4:40 AM

Any informed guesses as to which language it was translated from? No doubt the broken English phrases correspond to normal idioms in Chinese, or whatever.

It never fails to amaze me that people will go to the trouble of composing and sending out these missives, without bothering to get them translated by a competent English writer. How difficult can it be to find one these days, anywhere in the world?

qwertyuiopJuly 1, 2009 4:53 AM

@Tom Welsh

My guess would be Chinese. I suspect it's either a word-by-word dictionary translation or it's been run through (poor) translation software.

PaeniteoJuly 1, 2009 7:12 AM

@qwertyuiop: "how well could YOU write something in another language?"

Probably not too well.
*However,* if I wanted to make money from a text in a foreign language, I would spend some effort to get it right.

JamesJuly 1, 2009 8:07 AM

Is this coming from Nigeria? I can give that person the contact information for that poor Nigerian fellow that needs help with all his money from the royal palace...

Adam GomaaJuly 1, 2009 8:39 AM

@Tom Welsh I don't think it's a translation at all. Like BCS, I think it's the result of a Markov chain text generator. I've been getting spam that seems to be seeded with the text of the page it's posted to - which probably helps beat things like the Akamai spam service.

As Kurt said he received it, I'd assume that his email was scraped from his website, and then the contents of his site used as the seed text.

Mark V. ShaneyJuly 1, 2009 11:42 AM

The challenge is that junk mailers can go out of member directories and may place your e-mail address is an exemplary BOBE-weak system. It is often difficult or impossible to tell how a spammer acquired a user's e-mail address.

You must detect a disease in a spam center to keep up with several versions of the object that will enter the predictions that individual instances (clients) of all security-systems, whether based on hardware or software, will be able to get it right, and you want to avoid future spam, because one or more messages received are yet another explanation for free riding.

Sometimes, these attacks even take the form of time. The goal is to determine if they are generally cheap and easy to guess, and may receive more spam, because in terms of the spam we received, most were received from the payload.

For example, most people have a huge bearing on the address and will send it to Bruce Schneier, who has essentially free use of channels that he has subscribed or paid for.

As with spam, so with obscenity: You can't define it, but you know it when you have broken your wrist and have to type up the formulas that dance around in a foreign language. I would just like to pose them a question: how well could YOU write something in another language? Probably not too well when you have broken your wrist.

MattJuly 1, 2009 1:21 PM

Whoa Bruce, for the first few sentences I though you got drunk and wrote a blog post!

James SutherlandJuly 1, 2009 1:37 PM

In a way, it's fortunate so many spammers appear to be illiterate. Of course, using poor quality as a heuristic for identifying scams can backfire; a year or so ago, I received a letter claiming to be from my credit card company wanting to check a transaction. The printing was so poor, on flimsy 60 gsm paper, I thought it had to be an attempt at offline phishing - but no. Sadly, it was genuine, as was the equally poor letter from another CC company a year later.

J. M. SchneiderJuly 1, 2009 5:36 PM

Sounds more like a quick and dirty use of Google's language tools. Probably made sense in his native tongue.

UlrichJuly 2, 2009 1:05 AM

Oh dear. It seems that KRYPTOCHEF is at it again...
(See http://kryptochef.net/index2e.htm for, err, interesting times. As far as I know, it's not clear whether he is an elaborate hoax or not, but he's gained quite some notoriety in Germany.(

CyberStasiJuly 16, 2009 3:19 PM

Wow... Kryptochef's website looks like the best that 1997 can buy! Complete with a tiled image background.
Also...
"Only Krypto master user can put
on new Krypto users." So its for Crypto Vampires?

As far as the Original post, this sounds a bit Boratish: "I assure that this system, will be most popular in the near future."

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..